Data Protection Policy according to the GDPR

The controller within the meaning of the EU General Data Protection Regulation (GDPR) and other national data protection laws of the Member States, as well as other provisions of data protection law, is:
artop GmbH
Christburger Str. 41
10405 Berlin
Germany
Tel.: +49 30 44 01 29 90
email: kontakt@artop.de
Website: www.artop.de

3.1 Scope of the processing of personal data
In general, we process the personal data of our users only if this is necessary in order to provide a functioning website and our content and services or in order to optimise the technical functionality of our website (redirecting from old pages to new pages). We normally process the personal data of our
Data Protection Policy in accordance with the GDPR 2 of 14
users only with their consent. An exception exists in cases where it is not possible for practical reasons to obtain advance consent and the processing of the data is permitted by statutory provisions.

3.2 Legal basis for the processing of personal data
To the extent that we obtain consent from the data subject for processing operations involving personal data, the legal basis is Article 6(1)(a) GDPR.
Where the processing of personal data is necessary for the performance of a contract to which the data subject is party, the legal basis is Article 6(1)(b) GDPR. This also applies to processing operations that are necessary in order to take steps prior to entering into a contract.
Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Article 6(1)(c) GDPR
In the event that the processing of personal data is necessary in order to protect the vital interests of the data subject or of another natural person, the legal basis is Article 6(1)(d) GDPR.
If processing is necessary for the purposes of the legitimate interests pursued by us or by a third party, and such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis for processing is Article 6(1)(f) GDPR.

3.3 Data erasure and period of storage
The data subject’s personal data are erased or blocked once the purpose for storage ends. In addition, personal data may be stored if this was provided for by European or national legislators in EU regulations, laws, or other provisions to which the controller is subject. Data are blocked or erased only if a storage period prescribed by the aforementioned legal norms has expired, unless it is necessary to continue to store the date for the conclusion or performance of a contract.

4. Provision of the website and creation of log files

4.1 Description and scope of data processing
Each time our website is accessed, our system automatically collects data and information from the computer system wordpress of the accessing computer.
In the process, the following data are collected:
(1) information about the browser type and the version being used
(2) the user’s operating system
(3) the user’s internet service provider
(4) the user’s IP address
(5) date and time of access
(6) websites from which the user’s system reached our website
(7) websites from are accessed by the user’s system from our website
The data are likewise stored in our system’s log files. They do not include the user’s IP addresses or other data that enable the data to be attributed to a user. These data are not stored together with other personal data of the user.
Data Protection Policy in accordance with the GDPR 3 of 14

4.2 Legal basis for data processing
The legal basis for the temporary storage of the data is Article 6(1)(f) GDPR.

4.3 Purpose of data processing
The temporary storage of the IP address by the system is necessary in order to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.
These purposes also constitute our legitimate interest in data processing in accordance with Article 6(1)(f) GDPR.

4.4 Period of storage
The data are erased once they are no longer needed for achieving the purpose of their collection. Where data are collected for the purpose of providing the website, this is the case when the relevant session has ended.

4.5 Option to object and remove
The collection of data for the purpose of providing the website and the storage of data in log files are essential for the operation of the website. Therefore, the user has no option to object.

5. Use of cookies

5.1 Description and scope of data processing
This website uses cookies. Cookies are text files that are stored in or by the web browser on the user’s computer system. Thus, if a user accesses a website, a cookie may be stored on the user’s operating system. This cookie consists of a series of characters that make it possible to unambiguously identify the browser when the website is accessed again.
This website uses features of the web analysis service Google Analytics, which uses cookies. You can find additional information about this in Section 7 of this Data Protection Policy, “Data protection policy for the use of Google Analytics”.
The data of users collected in this manner are pseudonymised through technical measures. Therefore, it is no longer possible to attribute the data to the accessing user. The data are not stored together with other personal data of users.
When accessing our website, users are notified by an info banner about the use of cookies for analysis purposes and are referred to this Data Protection Policy. In this regard, information is provided about how the storage of cookies can be prevented in the browser settings.

5.2 Legal basis for data processing
The legal basis for the processing of personal data using cookies is Article 6(1)(f) GDPR.
Data Protection Policy in accordance with the GDPR 4 of 14

5.3 Purpose of data processing
The purpose for using technically necessary cookies is to simplify the use of websites for users. Some features of our website are not able to be offered without the use of cookies. For them, the browser needs to be recognised also after switching pages.
We require cookies for the following applications:
(1) confirmation of consent to the use of cookies
The user data collected through technically necessary cookies are not used to create user profiles.

5.4 Period of storage, option to object and remove
Cookies are stored on the user’s computer and transmitted by it to our website. Therefore, as user, you have full control over the use of cookies. By changing the settings in your web browser, you can deactivate or limit the transmission of cookies. Cookies that have already been stored can be deleted at any time. This can also take place automatically. If cookies are deactivated for our website, all features of the website may be unable to be used to their full extent.

6. Newsletter

6.1 Description and scope of data processing
On our website, it is possible to subscribe to a free newsletter. When subscribing to the newsletter, the data in the entry fields “last name”, “first name”, and “email address” are transmitted to CleverReach GmbH & Co KG, Mühlenstr. 43, 26180 Rastede, Germany.
In addition, the following data are collected when subscribing:
(1) date and time of registration
When subscribing, your consent is obtained to the processing of the data, and reference is made to this Data Protection Policy.

6.2 Legal basis for data processing
The legal basis for the processing of data after the user subscribes to the newsletter is, provided that the user has consented, Article 6(1)(a) GDPR.

6.3 Purpose of data processing
The collection of the user’s email address serves the purpose of sending the newsletter.
The collection of other personal data when subscribing serves the purpose of preventing misuse of the services or the utilised email address.

6.4 Period of storage
The data are erased once they are no longer needed for achieving the purpose of their collection. Accordingly, the user’s email address is stored for as long as the newsletter subscription is active.
Data Protection Policy in accordance with the GDPR 5 of 14
In most cases, the other personal data that are collected on the artop website when subscribing are erased without delay.

6.5 Option to object and remove
The relevant user may cancel the subscription to the newsletter at any time. Each newsletter contains a corresponding link for the purpose.
The consent to the storage of personal data that are collected when subscribing can likewise be withdrawn at that time.

7. Data protection policy for the use of Google Analytics

This website uses features of the web analysis service Google Analytics. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, U.S. Google Analytics utilises so-called “cookies”, which are text files that are stored on your computer and enable an analysis of your use of the website. The information generated by cookies about your use of this website is normally transferred to a Google server in the U.S. and stored there.
However, in the case of IP anonymisation on this website, your IP address is first shortened by Google within the Member States of the European Union or in other Contracting States of the Agreement on the European Economic Area. Only in exceptional cases is the full IP address transferred to a Google server in the U.S. and shortened there. Google uses this information on behalf of the operator in order to evaluate your use of the website, to compile reports about website activities, and to provide the website operator with additional services associated with website use and internet use. The IP address transferred from your browser in connection with Google Analytics is not combined with other Google data.
You can prevent the storage of cookies by adjusting the settings in your browser software. However, please be aware that in such case, you may not be able to use all features of our website to their full extent. In addition, you can prevent the collection and processing by Google of the data generated by the cookie relating to your use of the website (including your IP address) by downloading and installing the browser plug-in available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de

8. Data protection policy for the use of Xing

Our website uses features of the network XING. The provider is XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. Each time one of our pages is accessed that contains XING features, a connection is established to XING servers. To our knowledge, personal data are not stored when this occurs. In particular, IP addresses are not stored, and usage behaviour is not analysed.
You can find additional information about data protection and the Xing share button at https://www.xing.com/app/share?op=data_protection
Objection to advertising email
Data Protection Policy in accordance with the GDPR 6 of 14
We hereby object to the use of contact data published in connection with the imprint duty for the purpose of sending advertising and informational materials that were not expressly requested. The operator of the sites expressly reserves the ability to take legal action in the event of the unrequested sending of advertising information, such as through spam email.
Information, erasure, blocking
You at all times have the free right to information about the personal data stored about you, their source and recipients, and the purpose of data processing, as well as a right to the rectification, blockage, or erasure of these data. You may contact us at any time about this or with other questions at the address indicated in the imprint.

9. Server log files

The provider of the sites collects and automatically stores information in so-called server log files, which your browser automatically transmits to us. This consists of:
(1) browser type/browser version
(2) the operating system being used
(3) referrer URL
(4) host name of the accessing computer
(5) time of day of the server request
(6) IP address is not stored
These data cannot be attributed to specific persons. These data are not combined with other data sources. We reserve the ability to retrospectively review these data if we become aware of specific indications of unlawful use.

10. Registering for a training session or an open seminar

10.1 Description and scope of data processing
On our website, we offer users the ability to register for a training session or an open seminar by providing personal data. In this regard, the data are entered in an entry field and transmitted to us and stored. The data are not disclosed to third parties. The following data are collected in connection with the registration process:
(1) salutation, title, first name, last name
(2) postal address
(3) email address
(4) phone number (landline and/or mobile phone)
(5) where applicable, CV, application documents, references, and certificates
(6) motivation for registering
(7) where applicable, current job and employer
(8) where applicable, date and place of birth
In addition, the following data are stored at the time of registration:
Data Protection Policy in accordance with the GDPR 7 of 14
(1) date and time of registration
The user’s consent to the processing of these data is obtained in connection with the registration process.

10.2 Legal basis for data processing
The legal basis for the processing of data is, provided that the user has consented, Article 6(1)(a) GDPR.

10.3 Purpose of data processing
Registration by the user is necessary for the performance of a contract with the user or in order to take steps prior to entering into a contract.
In the case of taking steps prior to entering into a contract or performing a contract, these data are primarily collected for correspondence. Personal data are collected
(1) in order to be able to identify you as a customer;
(2) in order to be able to reasonable advise you;
(3) for the purpose of corresponding with you;
(4) in order to be able to fulfil pre-contractual and contractual duties owed to you;
(5) in order to be able to meet our statutory obligations;
(6) for the purpose of invoicing and, where necessary, in connection with dunning;
(7) for purposes of permissible direct marketing;
(8) for the purpose of asserting possible claims against you.

10.4 Period of storage
The data are erased once they are no longer needed for achieving the purpose of their collection.
This is the case for the during the registration process for the performance of a contract or in order to take steps prior to entering into a contract where the data are no longer necessary for performance of the contract. The contracting partner’s personal data may also need to be stored after conclusion of the contract in order to meet contractual or statutory obligations.
The processing of personal data occurs when you enquire with us and is necessary for the aforementioned purposes for handling your order and for fulfilling obligations in connection with the underlying contract.
The collected personal data are stored until expiry of the statutory retention period for merchants (6, 8, or 10 years after the end of the calendar year in which the contractual relationship was terminated) and then erased. By way of exception, this does not apply if we are obligated because of retention duties under tax law or commercial law (pursuant to the German Commercial Code (HGB), the German Criminal Code (StGB), or the German Fiscal Code (AO)) to store them for a longer period of time or if you consented to storage for a longer period of time.

10.5 Option to object and remove
As user, you at all times have the option to cancel the registration. You can at any time have the data stored about you modified.
Data Protection Policy in accordance with the GDPR 8 of 14
Your rights as data subject
As the subject of data processing, you have the following rights:
(1) Right to withdraw: You can withdraw consent you have granted at any time. Data processing based on the withdrawn consent may henceforth no longer be continued.
(2) Right to information: You can obtain information about your personal data processed by us. This applies, in particular, to the purposes of data processing, the categories of personal data, where applicable the categories of recipient, the period of storage, where applicable the origin of your data, and where applicable the existence of automated decision-making, including profiling and where applicable meaningful information about its details.
(3) Right to rectification: You can obtain the rectification of inaccurate personal data stored by us or, where they are incomplete, their completion.
(4) Right to erasure: You can obtain the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
(5) Right to restriction of processing: You can obtain the restriction of the processing of your personal data where you contest the accuracy of the personal data, the processing is unlawful but you oppose their erasure. In addition, you have this right where we no longer need the data but you require them for the establishment, exercise or defence of legal claims. Furthermore, you have this right where you have objected to the processing of your personal data.
(6) Right to data portability: You can request that we transmit to you your personal data that you provided to a us in a structured, commonly used and machine-readable format. Alternatively, you can obtain the direct transmission of the personal data provided by you to us to another controller, insofar as this is possible.
(7) Right to lodge a complaint: You can lodge a complaint with the supervisory authority competent for us, e.g. if you believe that we have processed your data in an unlawful manner. The authority competent for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, tel.: +49 3013889-0, email: mailbox@datenschutz-berlin.de.
If the data are necessary in order to perform a contract or to take steps prior to entering into a contract, premature erasure of the data is possible only if erasure is not prevented by contractual or legal obligations.

11. Contact form and email contact

11.1 Description and scope of data processing
Our website contains a contact form that can be used for making electronic contact. If a user exercises this ability, the data entered in the entry field are transmitted to us and stored. These data include:
(1) salutation, title, first name, last name
(2) email address
(3) phone number (landline and/or mobile phone)
Data Protection Policy in accordance with the GDPR 9 of 14
When the message is sent, the following data are also stored:
(1) date and time of registration
During the sending process, your consent is obtained to the processing of the data, and reference is made to this Data Protection Policy.
Alternatively, contact may be made using the provided email address. In that case, the user’s personal data transmitted with the email are stored.
The data are not disclosed to third parties in this regard. The data are used solely for processing the conversation.

11.2 Legal basis for data processing
The legal basis for the processing of data is, provided that the user has consented, Article 6(1)(a) GDPR.
The legal basis for the processing of data that are transmitted in the course of sending an email is Article 6(1)(f) GDPR. If the email contact is aimed at concluding a contract, the additional legal basis for the processing is Article 6(1)(b) GDPR.

11.3 Purpose of data processing
The processing of personal data from the entry field serves only to enable us to process the contacting. In the case of contact made by email, this also constitutes the required legitimate interest in the processing of the data.
The other personal data processed during the sending process serve to prevent misuse of the contact form and to guarantee the security of our information technology systems.

11.4 Period of storage
The data are erased once they are no longer needed for achieving the purpose of their collection. For personal data from the entry field of the contact form and those sent by email, this is then the case where the relevant conversation with the user has ended. The conversion is considered ended when is can be assumed from the circumstances that the relevant matter has been definitively resolved.
The personal data additionally collected during the sending process are erased after seven days, at the latest.

11.5 Option to object and remove
The user may at any time withdraw his or her consent to the processing of personal data. If the user contacts us by email, he or she may object at any time to the storage of his or her personal data. In such case, the conversation may not be continued.
Your rights as data subject
As the subject of data processing, you have the following rights:
Data Protection Policy in accordance with the GDPR 10 of 14
(1) Right to withdraw: You can withdraw consent you have granted at any time. Data processing based on the withdrawn consent may henceforth no longer be continued.
(2) Right to information: You can obtain information about your personal data processed by us. That applies, in particular, to the purposes of data processing, the categories of personal data, where applicable the categories of recipient, the period of storage, where applicable the origin of your data, and where applicable the existence of automated decision-making, including profiling and where applicable meaningful information about its details.
(3) Right to rectification: You can obtain the rectification of inaccurate personal data stored by us or, where they are incomplete, their completion.
(4) Right to erasure: You can obtain the erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest, or for the establishment, exercise or defence of legal claims.
(5) Right to restriction of processing: You can obtain the restriction of the processing of your personal data where you contest the accuracy of the personal data, the processing is unlawful but you oppose their erasure. In addition, you have this right where we no longer need the data but you require them for the establishment, exercise or defence of legal claims. Furthermore, you have this right where you have objected to the processing of your personal data.
(6) Right to data portability: You can request that we transmit to you your personal data that you provided to a us in a structured, commonly used and machine-readable format. Alternatively, you can request the direct transmission of the personal data provided by you to us to another controller, insofar as this is possible.
(7) Right to lodge a complaint: You can lodge a complaint with the supervisory authority competent for us, e.g. if you believe that we have processed your data in an unlawful manner. The authority competent for us is: Berliner Beauftragte für Datenschutz und Informationsfreiheit, Friedrichstr. 219, 10969 Berlin, tel.: +49 3013889-0, email: mailbox@datenschutz-berlin.de.
If the data are necessary in order to perform a contract or to take steps prior to entering into a contract, premature erasure of the data is possible only if erasure is not prevented by contractual or legal obligations.
In such case, all personal data that were stored in the course of contacting are erased.

12. Rights of the data subject
If personal data of yours is processed, you are a data subject within the meaning of the GDPR, and you have the following rights vis-à-vis the controller:

12.1 Right to information:
You can obtain from the controller confirmation as to whether or not personal data concerning you are being processed by us.
If such processing is taking place, you can request the following information from the controller:
Data Protection Policy in accordance with the GDPR 11 of 14
(1) the purposes for which the personal data are being processed;
(2) the categories of personal data being processed;
(3) the recipients or categories of recipient to whom the personal data have been or will be disclosed;
(4) the envisaged period for which the personal data concerning you will be stored, or, if specific information about this is not possible, the criteria used to determine that period;
(5) the existence of the right to rectification or erasure of personal data concerning you, a right to restriction of processing by the controller or to object to such processing;
(6) the right to lodge a complaint with a supervisory authority;
(7) where the personal data are not collected from the data subject, any available information as to their source;
(8) the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
You have the right to request information about whether personal data concerning you are transferred to a third country or to an international organisation. In this connection, you can request that you be informed of the appropriate safeguards pursuant to Article 46 GDPR relating to the transfer.
This right to information may be limited if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the limitation is necessary for the fulfilment of research or statistical purposes.

12.2 Right to rectification
You have the right to rectification and/or completion vis-à-vis the controller where the processed personal data concerning you are inaccurate or incomplete. The controller must carry out the erasure without undue delay.
This right to rectification may be limited if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the limitation is necessary for the fulfilment of research or statistical purposes.

12.3 Right to restriction of processing
You can obtain restriction of the processing of the personal data concerning you under the following conditions:
(1) if you contest the accuracy of the personal data concerning you for a period enabling the controller to verify the accuracy of the personal data;
(2) the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead;
(3) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or
(4) you have objected to processing pursuant to Article 21(1) GDPR and is has not yet been verified whether the legitimate grounds of the controller override your grounds.
Where the processing of personal data concerning you has been restricted, such data may, with the exception of storage, be processed only with your consent or for the establishment, exercise or defence
Data Protection Policy in accordance with the GDPR 12 of 14
of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State.
If processing was restricted under the aforementioned conditions, you will be informed by the controller before the restriction is lifted.
This right to restriction of processing may be limited if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the limitation is necessary for the fulfilment of research or statistical purposes.

12.4 Right to erasure

12.4.1 Duty to erase
You can obtain from the controller the erasure of personal data concerning you without undue delay, and the controller is obligated to erase such data without undue delay where one of the following grounds applies:
(1) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
(2) you withdraw your consent on which the processing is based according to Article 6(1)(a) or Article 9(2)(a) GDPR, and where there is no other legal ground for the processing.
(3) you object to the processing pursuant to Article 21(1) GDPR and there are no overriding legitimate grounds for the processing, or you object to the processing pursuant to Article 21(2) GDPR.
(4) the personal data concerning you have been unlawfully processed.
(5) the personal data concerning you have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject.
(6) the personal data concerning you have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.
12.4.2 Information to third parties
Where the controller has made the personal data concerning you public and is obliged pursuant to Article 17(1) GDPR to erase the personal data, the controller, taking account of available technology and the cost of implementation, must take reasonable steps, including technical measures, to inform controllers which are processing the personal data that you as the data subject have requested the erasure by such controllers of any links to, or copy or replication of, those personal data.

12.4.3 Exceptions
The right to erasure does not exist where the processing is necessary
(1) for exercising the right of freedom of expression and information;
(2) for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(3) for reasons of public interest in the area of public health in accordance with Article 9(2)(h) and (i) as well as Article 9(3) GDPR;
(4) for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) GDPR insofar as the right referred to
Data Protection Policy in accordance with the GDPR 13 of 14
in Section (a) is likely to render impossible or seriously impair the achievement of the objectives of that processing; or (5) for the establishment, exercise or defence of legal claims.

12.5 Right to be informed
If you asserted your right to rectification, erasure, or restriction of processing vis-à-vis the controller, it is obligated to communicate this to each recipient to whom the personal data concerning you have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to be informed by the controller about those recipients.

12.6 Right to data portability
You have the right to receive the personal data concerning you, which you have provided to the controller, in a structured, commonly used and machine-readable format. You also have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where
(1) the processing is based on consent pursuant to Article 6(1)(a) or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR, and
(2) the processing is carried out by automated means.
In exercising this right, you also have the right to have the personal data concerning you transmitted directly from one controller to another, where technically feasible. This must not adversely affect the rights and freedoms of others.
The right to data portability does not apply to the processing of personal data that is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

12.7 Right to object
You have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you that is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.
The controller may no longer process the personal data concerning you unless the controller demonstrates compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
Where personal data concerning you are processed for direct marketing purposes, you have the right to object at any time to processing of personal data concerning you for such marketing, which includes profiling to the extent that it is related to such direct marketing.
Where you object to processing for direct marketing purposes, the personal data concerning you will no longer be processed for such purposes.
In the context of the use of information society services, and notwithstanding Directive 2002/58/EC, you may exercise your right to object by automated means using technical specifications.
Where personal data are processed for scientific or historical research purposes or statistical purposes pursuant to Article 89(1) GDPR, you also have the right, on grounds relating to your particular situation, to object to processing of personal data concerning you.
Data Protection Policy in accordance with the GDPR 14 of 14
Your right to object may be limited if it is likely to render impossible or seriously impair the achievement of research or statistical purposes and the limitation is necessary for the fulfilment of research or statistical purposes.

12.8 Right to withdraw the declaration of consent required by data protection law
You have the right to withdraw at any time the declaration of consent required by data protection law. The withdrawal of consent does not affect the lawfulness of the processing undertaken on the basis of the consent until withdrawal.

12.9 Automated individual decision-making, including profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision
(1) is necessary for entering into, or performance of, a contract between you and the data controller,
(2) is authorised by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard your rights and freedoms and your legitimate interests, or
(3) is based on your explicit consent.
However, such decisions may not be based on special categories of personal data referred to in Article 9(1) GDPR, unless Article 9(2)(a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and your legitimate interests are in place.
With respect to the cases referred to in (1) and (3), the data controller must implement suitable measures to safeguard your rights and freedoms and your legitimate interests, at least the right to obtain human intervention on the part of the controller, to express your point of view and to contest the decision.

12.10 Right to lodge a complaint with a supervisory authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data concerning you infringes the GDPR.
The supervisory authority with which the complaint was lodged must inform the complainant on the progress and the outcome of the complaint including the possibility of a judicial remedy pursuant to Article 78 GDPR.

This website uses functions of the web analytics service Google Analytics. Provider is the Google Inc. 1600 Amphitheater Parkway Mountain View, CA 94043, USA. Google Analytics uses so-called "cookies". By activating the following link you can deactivate these functions:

We point out, however, that in this case you may not be able to use all the functions of this website in full. For more information, see Section 7. Privacy Policy for Using Google Analytics in our Privacy Policy.